Through this method, you can collect a lot of useful information about the target host (for example, whether anonymous login is allowed, whether there is a writable FTP directory, whether TELNET can be used, and whether HTTPD runs as root or as nobody).
The basic principle of port scanning is to see if the specified port is open.
The technique is to try to connect to the specified port. There are two categories:
1. Half-open (SYN scan: the three-way handshake is not completed).
2. Full connect (the three-way handshake is completed).
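The difference between the two categories matters for detection: a half-open scan never completes the handshake, so the listening service's accept() never fires and nothing reaches its application log, while a full connect does. The following added example (not from the original text) shows how a sensor can tell the two patterns apart from TCP flag events; the event records and addresses are constructed.

```python
# Constructed TCP flag events (not captured traffic), in the shape a sensor
# might export: (src_ip, src_port, dst_ip, dst_port, flags), S=SYN A=ACK R=RST.
SAMPLE_EVENTS = [
    # 10.0.0.5, half-open: SYN, SYN/ACK, RST; the service's accept() never fires
    ("10.0.0.5", 40001, "10.0.0.10", 21, "S"),
    ("10.0.0.10", 21, "10.0.0.5", 40001, "SA"),
    ("10.0.0.5", 40001, "10.0.0.10", 21, "R"),
    ("10.0.0.5", 40002, "10.0.0.10", 23, "S"),
    ("10.0.0.10", 23, "10.0.0.5", 40002, "SA"),
    ("10.0.0.5", 40002, "10.0.0.10", 23, "R"),
    # 10.0.0.7, full connect: the client's third-packet ACK completes the handshake
    ("10.0.0.7", 50001, "10.0.0.10", 21, "S"),
    ("10.0.0.10", 21, "10.0.0.7", 50001, "SA"),
    ("10.0.0.7", 50001, "10.0.0.10", 21, "A"),
    ("10.0.0.7", 50002, "10.0.0.10", 80, "S"),
    ("10.0.0.10", 80, "10.0.0.7", 50002, "SA"),
    ("10.0.0.7", 50002, "10.0.0.10", 80, "A"),
    # 10.0.0.9, a single SYN that got no reply (filtered port): ordinary noise
    ("10.0.0.9", 60001, "10.0.0.10", 443, "S"),
]

def classify_handshakes(events):
    """Map (client_ip, server_ip, server_port) -> 'half_open' (SYN-scan pattern),
    'completed' (full connect) or 'pending' (handshake never finished)."""
    result = {}
    for src, _sport, dst, dport, flags in events:
        key = (src, dst, dport)              # keyed on the client side only
        if flags == "S":                     # client opens the connection
            result[key] = "pending"
        elif flags == "R" and result.get(key) == "pending":
            result[key] = "half_open"        # torn down before the third ACK
        elif flags == "A" and result.get(key) == "pending":
            result[key] = "completed"        # third-packet ACK from the client
        # the server's "SA" has src == server, so it never matches a client key
    return result

def scan_verdicts(events, min_ports=2):
    """Per client IP: 'syn_scan' when >= min_ports distinct ports were probed and
    every handshake was left half-open, 'connect_scan' when every one completed."""
    probes = {}
    for (cip, _sip, _sport), state in classify_handshakes(events).items():
        probes.setdefault(cip, []).append(state)

    def verdict(states):
        n = len(states)
        if n < min_ports:
            return "normal"
        if states.count("half_open") == n:
            return "syn_scan"
        return "connect_scan" if states.count("completed") == n else "normal"
    return {cip: verdict(states) for cip, states in probes.items()}
```

Because the half-open pattern is only visible at the packet level, this kind of flag tracking belongs in network telemetry (a sensor, firewall or flow log), not in the FTP, TELNET or HTTPD logs of the scanned host.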
Extended data:
Scan type control
1. -sW (TCP window scan)
2. -sR (RPC scan)
3. -PE, -PP, -PM (ICMP-type pings)
4. -PR (ARP ping); -n (no DNS resolution)
5. -R (DNS resolution of all targets)
6. Service version detection
Common host operations
1. -A or -O (operating system detection)
2. -v (increase verbosity)
3. -p (port range)